EKS Cluster Encryption Disabled

• Query id: 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281
• Query name: EKS Cluster Encryption Disabled
• Platform: Terraform
• Severity: High
• Category: Encryption
• URL: Github

Description

EKS Cluster should be encrypted
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}

Postitive test num. 2 - tf file

variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "positive2" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name

  encryption_config {
    resources = ["s"]
    provider {
      key_arn = "test"
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "negative1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name

  encryption_config {
    resources = ["secrets"]
    provider {
      key_arn = "test"
    }
  }
}